Authentication and Message Authentication in Network Security

 

Authentication is crucial in establishing identity in the digital world to access rights, products, and services. It involves validating credentials to prove identity and ensure security. Message authentication confirms the integrity and origin of transmitted data, preventing alteration or unauthorized access. Various methods, such as biometrics and smart cards, are used to verify identity and ensure secure communication in computer systems.


Uploaded on Nov 12, 2024 | 0 Views



Presentation Transcript


  1. NETWORK SECURITY LAB: Lab 2. Authentication & Message Authentication

  2. What is Authentication?
     • Short answer: establishes identity
       – Answers the question: To whom am I speaking?
     • Long answer: evaluates the authenticity of identity-proving credentials
       – Credential: proof of identity
       – Evaluation: the process of assessing the correctness of the association between credential and claimed identity
     • Usually for a purpose
     • Policy driven (what constitutes a good credential?)

  3. Why Authentication?
     • World of rights, permissions, and duties?
       – Authentication establishes our identity so that we can obtain the set of rights/products and services
       – E.g., we establish our identity with Tiffany's by providing a valid credit card, which gives us rights to purchase goods ~ physical authentication system.
     • Q: How does this relate to security?

  4. Authentication in Computer World
     • The Customer and Vendor are not physically located in the same place.
     • Prove the repudiation of what we are.
       – Ex: Buying something online using a credit card
       – Authentication needed:
         • Credit Card number
         • CVV
         • OTP
         • Personal Details (Name, Email, Age, etc.)

  5. Proving Identity
     • How to verify "Who am I"?
     • Documentary resembling proofs:
       – Driver's license
       – Credit Card
       – Signature Verification
       – Biometric Verification

  6. Proving Identity (2)
     • Other methods of verifying Identity are:
       – Something I know
         • Mother's maiden name, First school, Fav. Actor, etc.
       – Something I have
         • Smart chip cards, valid photo ID cards, etc.
       – Something I am (Bio-Metric)
         • Fingerprints
         • Iris
         • Face Recognition

  7. Message Authentication
     • What confirms Message Authentication?
       – The received message comes from the source that claims to have sent it.
       – The message hasn't been altered in any way.
       – Message sequence is unchanged
       – Message timing is unchanged
         • Relay
         • Delay
         • Replay
       – Non-repudiation by sender
       – Non-repudiation by receiver

  8. Authentication Functions
     • Lower level functions
       – Authenticator or value
       – Ex: Getting an OTP or verification message
     • Higher level functions
       – Authenticator to verify authenticity of message
       – Ex: Getting OTP only after attempting login in bank site
     • Functions to produce authentication
       – Message Encryption (Ciphertext, AES, DES, RSA, etc.)
       – Message Authentication Code (Checksum, MAC, etc.)
       – Hash functions
         • Mapping messages to value

  9. keyed hash functions

  10. Message Authentication Code
      • Also known as cryptographic checksum
        – MAC = C_K(M)
        – M = Message
        – K = Key shared between sender and receiver
        – C_K(M) = Fixed value authenticator
      • MAC is readied at source after the message is ready.
      • The receiver of the message can verify the authenticity of the message by:
        – Re-computing the MAC of the message

  11. Message Authentication Code
      • Authentication √
      • Integrity

  12. MAC is vulnerable to attacks
      • Encryption in MAC
        – Dependent on length of the key
        – Brute force attacks: 2^(K-1) combinations of K bit key

  13. Unkeyed hash functions

  14. MD5: Message Digest 5
      • Step 1: Appending padding bits
        – All blocks are 512 bits in size
        – Padding bits: 1000…512th (0)
        – (Msg + pad bits + 64 bit for length) = n × 512
      • Step 2: Append length
      • Step 3: Initialize MD Buffer
      • Step 4: Process message in 512 bit blocks
      • Step 5: Output 128 bit checksum

  15. MD5 Hands-on
      • Refer to student lab manual for hands-on

  16. Secure Hashing Algorithm (SHA)
      • Secure Hashing Algorithm
      • MD5 - Dead
      • SHA-1
      • SHA-2
      • SHA-3

  17. Secure Hashing Algorithm (2)
      • SHA based algorithms are used for authentication.
      • Iterative one-way hashing algorithm that processes a message to produce a condensed representation called a "Message Digest"
      • Message digest ensures integrity:
        – That means if a message changes, the message digest will also change.

  18. Secure Hashing Algorithm (3)

  19. Why different versions of SHA?
      • Based on the algorithm that is applied to the text/file, the block size of the message digest will change.
      • Example: if SHA-1 is applied, the message digest will result in a 512 block OR 160 bit.
      • SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.
      • SHA-3: A hash function formerly called Keccak. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.

  20. How SHA Works?
      • Step 1 - Preprocessing
      • A two-step procedure
      • Based on algorithm of SHA, the initial values will also change

  21. How SHA Works? (2)
      • Step 1.1 - Padding message
      • The binary representation of the message
        – Message contains 8 × 4 = 32 bits

  22. How SHA Works? (3)
      • Remaining steps:
      • Step 2: Compute message digest
        – Identify the binary value of the message after padding
        – Iterate the message schedule from 0-15 (based on algorithm)
        – Initialize the working variable with the (i-1)st hash value
      • Step 3:
        – Iterate the function for t=0 to 79
        – Identify the value of ws (as defined in the secure hash standard)
      • Step 4:
        – Compute the ith value for intermediate hash value

  23. Report Work
      • Using MD5
        – Produce a checksum for:
          • An image
          • A text file
          • A PDF file
        – Create a text file with the checksums
        – Append the image, text in the file and PDF file
        – Produce the checksum again and submit both the checksums: before and after changing the file.

  24. Message Authentication Code
      • Authentication X
      • Integrity
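
Slides 7, 10, 11 and 24 contrast a keyed MAC with an unkeyed hash. The following is an added example, not part of the original lab material, showing why only the keyed construction authenticates the sender and how a sequence number covered by the tag catches replay. HMAC-SHA256, the key value, the 8-byte counter and the `Receiver` class are assumptions chosen for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # assumption: K was shared out of band


def verify_hash(message: bytes, digest: bytes) -> bool:
    """Unkeyed check: recompute the digest and compare."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC = C_K(M), computed over an 8-byte sequence number plus M."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        # Re-compute the MAC and compare in constant time
        if not hmac.compare_digest(mac(self.key, seq, message), tag):
            return "rejected: bad MAC"
        if seq <= self.last_seq:
            return "rejected: replay or reordering"
        self.last_seq = seq
        return "accepted"


def demo() -> dict:
    original, altered = b"pay 100 to alice", b"pay 900 to bob"  # constructed
    rx = Receiver(KEY)
    tag = mac(KEY, 0, original)
    return {
        # No key is needed to produce a digest that verifies for altered data
        "altered_with_recomputed_hash": verify_hash(altered, hashlib.sha256(altered).digest()),
        "genuine": rx.accept(0, original, tag),
        "altered_old_tag": rx.accept(1, altered, tag),
        "altered_guessed_key": rx.accept(1, altered, mac(b"guess", 1, altered)),
        "replayed": rx.accept(0, original, tag),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The unkeyed digest only detects accidental change, because whoever alters the message can recompute it; the MAC fails for anyone who does not hold K.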
